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Amendments to the Claims; 

This listing of claims will replace all prior versions, and listings of claims in the application: 

1 . (Previously Presented) A computer program product for a client 
computing system including a processor includes: 

code that directs the processor to request a challenge &om an authentication 

server; 

code that directs the processor to receive the challenge from the authentication 
server via a first secure communications channel, wherein the challenge includes at least a 
password that is inactive; 

code that directs the processor to receive user authentication data from a user; 

code that directs the processor to determine a private key aiKl a digital certificate 
in response to the user authentication data; 

code that directs the processor to fomi a digital signature in response to the 
password that is inactive from the authentication server and the private key; 

code that directs the processor to communicate the digital signature to the 
authentication server^ 

code that directs the processor to communicate the digital certifi.cate to the 
authentication server, the digital certificate comprising a public key in an encrypted form; and 

code that directs the processor to communicate network user authentication data 
and the password that is inactive to the authentication server via a security server, 

wherein the authentication server activates the password that is inactive when the 
digital signature is verified, and 

wherein the codes reside on a tangible media. 

2, (Previously Presented) The computer program product of claim 1 wherein 
the password tiiat is inactive remains inactivate when the authentication server does not verify 
the digital signatiue. 
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3. (Previously presented) The computer program product of claim 1 wherein 
the security server comprises a server selected fiom a group of servers consistiAg of: firewall 
server^ VPN gateway server, 

4. (Original) The computer program product of claim 1 wherein code that 
directs the processor to deterroine the private key and the digital certificate in response to the 
user authentication data comprises code that directs the processor to determine a private key 
associated with the user when the user authentication data is correct* 

5. (Original) The computer program product of claim 4 wherein code that 
directs the processor to detemiine the private key and the digital certificate in response to the 
user authentication data further comprises code that directs the processor to determine a private 
key not associated with the user when the user authentication data is incorrect. 

6. (Original) The computer program product of claim 1 further comprising 
code that directs the processor to receive network user authentication data from the user. 

7. (Original) The computer program product of claim 1 wherein code that 
directs the processor to receive user authentication data from a user comprise code that directs 
the processor to receive user authentication data and the network authentication data firom the 
user. 

8. (Previously Presented) A client computing system for communicating 
with a private server includes: 

a tangible memory configured to store a key wallet, the key wallet including a 
private key associated with the user and a digital certificate associated with a user, the private 
key and digital certificate stored in an encrypted form; 

a processor coupled to the tangible memory, the processor configured to receive a 
challenge from an authentication server via a first secure coromunications channel, the challenge 
con^sing a password that is inactive, configured to receive user authentication data fix>m the 
user, configured to determine a retrieved private key and a retrieved digital certificate fiom the 
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key wallet in response to the user authentication data fiom the user; configured to form a digital 
signature in response to the password that is inactive fiom the authenticadon server and the 
retrieved private key, configured to communicate the digital signature to the authentication 
server, configured to communicate the digital certificate to the authentication sender, and 
configured to communicate network user authentication data and the identity code to the 
authentication server via a security server, 

wherein the authentication server activates the password that is inactive when the 
digital signature is verified, and 

wherein the security server allows the client computing system to communicate 
with the private server when the password that is inactive is activated, 

9. (OriginaL) The client computing system of claim 8 wherein the retrieved 
private key and the private key associated with the user are identical. 

10. (Original) The client computing system of claim 8 

wherein the retrieved private key and the private key associated with the user are 

different, and 

wherein when the retrieved private key and the private key associated with the 
user are different the identity code remains inactive. 

11. (Canceled) 

12. (Previously Presented) The client computing system ofclaim 8 wherein 
the security server comprises a server selected from a group of servers consisting of: firewall 
server, VPN gateway s^er, electronic mail server, weh server, database server, database 
system, application server. 

13. (Original) The client computing system of claim 8 wherein the tangible 
memory can be removed fix>m the client computer. 
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14. (Original) The client computing system of claim 8 wherein the processor 
is also configured to receive the network user authentication data from the user. 

15. (Previously Presented) A client system for communicating with a remote 
server includes; 

a tangible memory configured to store key wallet program, the key wallet 
program configured to store a private key associated with the user and a digital certificate 
associated with a user in protected forms; 

means for receiving a challenge &om a verification server via a first secure 
communications channel, the challenge comprising at least a network password that is inactive; 

means for receiving at least a PIN &om the user, 

means coupled to the tangible memory for determining a returned private key and 
a returned digital certificate fiom the key wallet in r^ponse to at least the PIN fipom the user; 

means for fomodng a digital signature in response to the network password 
received from the verification server and to the private ktyi 

means for communicating the digital certificate and the digital signature to the 
authentication server; and 

means for communicating at least the network password to a security server, 

wherein the network password is activated when the digital signature and digital 
certificate authenticate the user; and 

wherein the security server allows the client system to comtmunicate with the 
remote server when the network password is activated. 

16. (Original) The client system of claim 15 wherein the returned private key 
and the private key associated with the user are the same. 

17. (E*reviously Presented) The plient system of claim 16 

wherein the means fbr determining a retimed private key comprises means for 
detertnining the returned private key in response to the PIN &om the user, and a pre^determined 
PIN, ^^erein when the PIN fipom the user and the pre-determined PIN are different, the return^ 
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private key is different from the private key associated with the user, wherein when the PIN from 
the user and the pre-determined PIN are the same, the returned private key is the private key 
associated with the user; 

wherein when the returned private key and the private key associated with the 
user are different the digital signature and the digital certificate do not authenticate the user. 

18. (Original) The client system of claim 1 5 further comprising means for 
receiving at least a networic password associated with the user from the user, 

wherein the means &r communicating the digital certificate and the digital 
signature to the authentication server also comprise means for communicating the network 
password associated with the user to the authentication server. 

19. (Original) The client system ofclaim 15 wherein the means for 
communicating the digital certificate and the digital signature to the authentication server also 
comprise means for oommimicating a network password associated with the user to the 
aulhratication server; 

the client system further comprising means for detennining the network password 
associated with the user in response to at least the PIN from the user. 

20. (Previously presented) The client conq^uting system ofclaim 15 wherein 
the client computing system is selected from a group of devices consisting of: desktop computer, 
portable computer, PDA, wireless device, 

21. (Previously Presented) The client computing system ofclaim 8 
wherein the password that is inactive is det^mined in the authentication server, 

and 

wherein the password that is inactive is not stored on the client computing system 
before receiving the challenge Scorn the authentication server. 
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